<?php
header("Content-Type: text/html; charset=utf-8");

// var_dump($_POST);
$user = $_POST['username'];
$pass = $_POST['password'];

include 'connect.php';

$sql = 'select username,password from user where username="' . $user . '";';
$result = mysqli_query($link, $sql);
// print_r($result);
// echo $result->num_rows;
if ($result->num_rows != 1) {
    echo "用户名不存在";
    mysqli_close($link);
    die();
}
echo "<hr>";
$row = mysqli_fetch_array($result);

if ($row['password'] == $pass) {
    // echo "登录成功";
    $time = getdate();
    session_start();
    $_SESSION['user'] = $user;
    $_SESSION['login_time'] = $time[0];
    header("Location: index.php");
} else {
    // echo "账号或密码错误";
    echo '<script>alert("账号或密码不正确!");window.location.href = "login.html";</script>';
}

mysqli_close($link);
